Macintosh At Ease Apple Share automated login "feature"

Summary
Description:By default, At Ease will automate the login process to AppleShare servers, and store the login and password in clear text in the At Ease Preference file. You can usually read this file trivially by exploiting applications (like netscape file:// URLs).
Author:Paul Melson <melson@SCNC.HOLT.K12.MI.US>
Compromise:Unauthorised access to an AppleShare fileserver.
Vulnerable Systems:Macintoshes, running At Ease and using the Auto Login "feature".
Date:21 May 1997
Details


Date: Wed, 21 May 1997 08:31:41 -0400
From: Paul Melson <melson@SCNC.HOLT.K12.MI.US>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Mac/At Ease/Netscape File Access Exploit

> That's just the tip of the iceberg.  Since the machine being attacked is
> 'netted' (obviously, else it wouldn't be running Netscape), there is lots
> more fun you can have with it.  For example, given an email account
> somewhere you can use the 'mail url' feature to send yourself any file on
> the system, regardless of priviliges.  A good file to send would be the
> 'At Ease Preferences' file which contains the master At Ease preferences.
> Once you have obtained this, cracking the password is trivial with a
> program such as DisEase, thus leading to a total comprimise.
>
> Meth
> method@yikes.com


        Yep, and it gets worse.  If you use an AppleShare server
        (NetWare running APPLETLK.NLM or Linux running atalkd
         would also count) as At Ease's startup volume, then At
        Ease will automate the login process to the server.  This
        is be nasty because whoever is logged in when At Ease
        is set up would automatically be logged in to the file
        server every time At Ease starts up thereafter.  But it
        gets worse - the login information (ServerID, UserID,
         Password) is stored in the 'At Ease Preferences' file.

        This can be disabled from within the 'At Ease Setup
        (Workgroups)' utility by simply un-checking the box
        labeled 'Always remember the user's last-used AppleShare
        logins.'  But since the default is to use the auto-login
        feature, I figured it was worth mentioning.  FYI, disabling
        this feature doesn't remove the original copy of the
        AppleShare login information from the preferences file.



Paul

--
                                                        _____________________
                                                        melson@holt.k12.mi.us

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault